generic-library/curl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Made CURLOPT_SSL_VERIFYHOST set to 1 acts as described in the documentation:

Browse Source 
fail to connect if there is no Common Name field found in the remote cert.
We should deprecate the support for this set to 1 anyway soon, since the
feature is pointless and most likely never really used by anyone.
This commit is contained in:
Daniel Stenberg 2007-07-11 22:20:46 +00:00
parent c0095d6dd9
commit d12759c73e
3 changed files with 11 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CHANGES
View File

@ -6,6 +6,12 @@
Changelog Changelog
Daniel S (12 July 2007)
- Made CURLOPT_SSL_VERIFYHOST set to 1 acts as described in the documentation:
fail to connect if there is no Common Name field found in the remote cert.
We should deprecate the support for this set to 1 anyway soon, since the
feature is pointless and most likely never really used by anyone.
Daniel S (11 July 2007) Daniel S (11 July 2007)
- Shmulik Regev fixed a bug with transfer-encoding skipping during the 407 - Shmulik Regev fixed a bug with transfer-encoding skipping during the 407
error pages for proxy authentication. error pages for proxy authentication.

3
RELEASE-NOTES
View File

@ -18,6 +18,7 @@ This release includes the following bugfixes:
o test cases 31, 46, 61, 506, 517 now work in time zones that use leap seconds o test cases 31, 46, 61, 506, 517 now work in time zones that use leap seconds
o problem with closed proxy connection during HTTP CONNECT auth negotiation o problem with closed proxy connection during HTTP CONNECT auth negotiation
o transfer-encoding skipping didn't ignore the 407 response bodies properly o transfer-encoding skipping didn't ignore the 407 response bodies properly
o CURLOPT_SSL_VERIFYHOST set to 1
This release includes the following known bugs: This release includes the following known bugs:
@ -25,7 +26,7 @@ This release includes the following known bugs:
Other curl-related news: Other curl-related news:
o o pycurl 7.16.4 was released http://pycurl.sf.net
New curl mirrors: New curl mirrors:

13
lib/ssluse.c
View File

@ -1131,16 +1131,9 @@ static CURLcode verifyhost(struct connectdata *conn,
#endif /* CURL_DOES_CONVERSIONS */ #endif /* CURL_DOES_CONVERSIONS */
if (!peer_CN) { if (!peer_CN) {
if(data->set.ssl.verifyhost > 1) { failf(data,
failf(data, "SSL: unable to obtain common name from peer certificate");
"SSL: unable to obtain common name from peer certificate"); return CURLE_SSL_PEER_CERTIFICATE;
return CURLE_SSL_PEER_CERTIFICATE;
}
else {
/* Consider verifyhost == 1 as an "OK" for a missing CN field, but we
output a note about the situation */
infof(data, "\t common name: WARNING couldn't obtain\n");
}
} }
else if(!cert_hostcheck((const char *)peer_CN, conn->host.name)) { else if(!cert_hostcheck((const char *)peer_CN, conn->host.name)) {
if(data->set.ssl.verifyhost > 1) { if(data->set.ssl.verifyhost > 1) {